Privacy Policy
Last updated: April 2026
1. Who we are
Multicloud Migrations Limited
Company number: 15579136 (registered in England and Wales)
Registered address: 12 Calderon Road, London, E11 4EU
Contact: [email protected]
Website: multicloudpass.com
Multicloud Migrations Limited ("we", "us", "our") is the data controller for the personal data collected through the MultiCloudPass platform at multicloudpass.com ("the Platform"). This means we are responsible for deciding how your personal data is used and for keeping it safe.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have. It applies to all users of the Platform.
If you have any questions about this policy or how we handle your data, please contact us at [email protected].
2. What data we collect and why
We collect and process the following categories of personal data:
2.1 Email address and account data
When you register for an account, we collect your email address. We use this to create and manage your account, to communicate with you about your purchase and account, and to send you important service updates (such as changes to these terms or notice of platform discontinuation).
2.2 Payment data
When you make a purchase, your payment is processed by Stripe. We do not store your card details directly. Stripe provides us with limited transaction information (such as confirmation of payment, transaction reference, and the last four digits of your card) so that we can manage refunds and maintain our financial records.
2.3 Usage data
We collect data about how you use the Platform, including:
- number of practice questions answered;
- number of AI queries made;
- path searches performed;
- exports generated; and
- scenario expert queries submitted.
This data is collected as daily counters and lifetime totals. We use it to maintain fair usage limits, improve the Platform, and prevent abuse.
2.4 Error and diagnostic data
We use Sentry to collect error logs and diagnostic information when something goes wrong on the Platform. This may include technical details such as browser type, operating system, and the actions that led to an error. We use this data solely to identify and fix bugs and to maintain platform stability.
2.5 Network and request data
We use Cloudflare as our CDN and security provider. In the course of delivering and protecting the Platform, Cloudflare processes IP addresses and request metadata (such as the pages you visit and the time of your requests). This processing is necessary for security purposes, including DDoS protection.
3. Legal basis for processing
Under the UK General Data Protection Regulation (UK GDPR), we must have a lawful basis for processing your personal data. The table below sets out the legal basis we rely on for each type of data:
| Data | Legal basis | Explanation |
|---|---|---|
| Email address and account data | Contract performance (Article 6(1)(b)) | We need your email address to create your account and provide you with the service you have purchased. |
| Payment data | Contract performance (Article 6(1)(b)) and legal obligation (Article 6(1)(c)) | We process payment data to fulfil your purchase and to comply with our legal obligations for financial record-keeping and tax reporting. |
| Usage data | Legitimate interests (Article 6(1)(f)) | We have a legitimate interest in understanding how the Platform is used, maintaining fair usage limits, and preventing abuse. We have assessed that this processing does not override your rights and freedoms. |
| Error and diagnostic data | Legitimate interests (Article 6(1)(f)) | We have a legitimate interest in maintaining the stability and reliability of the Platform by identifying and fixing errors. This processing is minimal and necessary for the ongoing operation of the service. |
| Network and request data | Legitimate interests (Article 6(1)(f)) | Cloudflare processes this data to protect the Platform from security threats. We have a legitimate interest in keeping the Platform safe and available for all users. |
4. Third-party data processors
We share your personal data with the following third-party service providers, who process data on our behalf. Each provider operates under a data processing agreement and is required to handle your data in accordance with applicable data protection law.
| Provider | Purpose | Data processed | Location of processing |
|---|---|---|---|
| Stripe | Payment processing | Payment card details, transaction data, email address | Data may be processed outside the UK. Stripe maintains appropriate safeguards for international transfers, including Standard Contractual Clauses and certification under applicable data transfer frameworks. |
| Amazon Web Services (AWS Bedrock) | Powers AI features on the Platform | AI queries and prompts submitted through the study assistant | Data is processed in the EU (eu-west-2 region). |
| Anthropic | Powers AI features on the Platform | AI queries and prompts submitted through the study assistant | Data may be processed outside the UK. Where applicable, transfers are protected by Standard Contractual Clauses or equivalent safeguards. |
| Sentry | Error tracking and application monitoring | Error logs, diagnostic data, browser and device information | EU instance used. Data is processed within the European Union. |
| Cloudflare | CDN, DDoS protection, and secure tunnelling | IP addresses, request metadata, pages visited | Data may be processed outside the UK. Cloudflare maintains appropriate safeguards for international transfers. |
4.1 International data transfers
Some of our third-party processors may process your personal data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including:
- transfers to countries covered by a UK adequacy decision;
- the International Data Transfer Agreement (IDTA) or the UK Addendum to EU Standard Contractual Clauses; or
- other appropriate safeguards recognised under UK data protection law.
If you would like more information about the specific safeguards in place for any transfer, please contact us at [email protected].
5. Data retention
We retain your personal data for as long as your account is active and you continue to use the Platform.
If you delete your account or your account becomes inactive, we will retain your data for a period of 6 months following deletion or the date your account became inactive. After this 6-month period, your personal data will be permanently deleted from our systems.
We may retain anonymised or aggregated data (which cannot identify you) for longer periods for analytical purposes.
Where we are required by law to retain certain data for a longer period (for example, financial transaction records for tax purposes), we will do so in accordance with the applicable legal requirement.
6. Cookies
The Platform uses only functional and session cookies that are strictly necessary for the operation of the service. These cookies are essential for features such as keeping you logged in during your session and maintaining your preferences while you use the Platform.
We do not use any advertising, tracking, or analytics cookies. Because we use only strictly necessary cookies, consent is not required under the Privacy and Electronic Communications Regulations 2003 (PECR).
7. Your rights under UK GDPR
Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data:
- Right of access. You have the right to request a copy of the personal data we hold about you.
- Right to rectification. You have the right to ask us to correct any personal data that is inaccurate or incomplete.
- Right to erasure. You have the right to ask us to delete your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected.
- Right to restriction of processing. You have the right to ask us to restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of data you have asked us to correct.
- Right to data portability. You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to ask us to transmit that data to another controller where technically feasible.
- Right to object. You have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your rights.
7.1 How to exercise your rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive a large number of requests, we may extend this period by a further two months, but we will let you know within the first month if this is the case.
We may ask you to verify your identity before we can act on your request.
There is no fee for exercising your rights. However, if a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on it, in accordance with UK GDPR.
7.2 Right to complain
If you are not satisfied with how we handle your personal data or how we respond to a request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Telephone: 0303 123 1113
We would appreciate the opportunity to resolve any concerns directly before you contact the ICO. Please email us at [email protected] in the first instance.
8. Children
The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that data promptly.
9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.
If we make material changes, we will notify you by email or by a prominent notice on the Platform at least 30 days before the changes take effect. We encourage you to review this policy periodically.
Your continued use of the Platform after the updated policy takes effect constitutes your acceptance of the changes.
10. Contact
If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us:
Email: [email protected]
Multicloud Migrations Limited, 12 Calderon Road, London, E11 4EU